[ubuntu-hardened] selinux - mapping question
Michal Zimen
michal.zimen at gmail.com
Thu Mar 12 08:03:41 GMT 2009
Hi,
On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
> Hi all...
>
> I started to learn selinux and I have a question about mapping in
> selinux.
> I logged in as staff_u. The command id -Z gives me the following
> context: user_u:user_r:user_t
> The command: semanage user -l |grep staff_u
> print the output: staff_u sysadm_r staff_r
>
> My questions:
> 1) How the login process know to choose the staff_r role and not the
> sysadm_r role ?
semenage login -l
--mappings linux users into selinux user (1:1)
> 2) If only one is the appropriate role why I can see a list of roles
> to some seusers like staff_u and root ?
semanage user -l
--mappings selinux users into selinux roles (1:n)
>
> Many thanks for the help
> Yossi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20090312/d6d43aaa/attachment.htm
More information about the ubuntu-hardened
mailing list